do you use password or pubkey authentication? and if password, is the a id_dsa or id_rsa file in your ~/.ssh? maybe your ssh installation tries the wrong authentication first and your server doesn't deny but simply ignore that request resulting in that 30s timeout
–
Tobias KienzlerJan 10 '11 at 14:11

@tobias I use password and I don't have "~/.ssh" file. That's a directory, and it only has "known_hosts" file in it.
–
TshepangJan 10 '11 at 16:59

4

It looks like you have a 15s DNS timeout. Maybe the server is doing a DNS lookup; if you can, make sure you have UseDNS no in sshd_config on the server. In any case, run ssh -vvv user@hostname to see where the login is hanging.
–
GillesJan 10 '11 at 19:52

@gil Thanks. I updated the question. I'll ask the admin to check for that UseDNS setting.
–
TshepangJan 10 '11 at 20:07

2

@Tshepang: Oh, you're using Kerberos (GSSAPI) authentication. I'm not familiar with it. If it's misconfigured, maybe it's causing the delay. This is something you can ask your admin. DNS might be a red herring; it's the most common cause in the wild, but perhaps your problem is different.
–
GillesJan 10 '11 at 20:13

+1 Nice answer! (1) Is it a normal speed for ssh login connection to take the time of the cursor flashing 7 times? (2) Why does it work by commenting out GSSAPIAuthentication yes and GSSAPIDelegateCredentials no? @Tshepang
–
TimJan 20 '12 at 0:21

@Tim (1) that's way too long... depending on the connection, I don't expect it to take over 2 seconds; (2) I have no idea, just that it works
–
TshepangJan 23 '12 at 9:00

The default for GSSAPIAuthentication in most versions of OpenSSH is "no", but some distros set it to "yes" in the sshd_config and ssh_config files. If you don't need/use it, it slows down the connection / authentication handshake.
–
tgharoldOct 31 '13 at 17:25

If LDAP/AD authentication is in use, won't disabling GSSAPI cause a simple bind to be used, potentially sending passwords over the network in plaintext?
–
ShannonJul 31 '14 at 17:15

I did the change (though I had no commented-out UseDNS option), reset my ssh server, and still the same problem.
–
TshepangJan 21 '11 at 12:16

2

@Tshe hmm, odd. The only speed problems I've ever had with SSH was due to this.
–
EarlzJan 22 '11 at 0:49

1

I was skeptical as I use to login using the IP address (home LAN), but this solution fixed my issue. For Google's sake, though it was occurring just after, the delay had nothing to do with the "key: /home/mylogin/.ssh/id_ecdsa ((nil))" message (when running ssh -vvv).
–
Skippy le Grand GourouMay 19 '14 at 10:39

You are telling it takes only half the time when you use the IP address. This means you have a problem with your name resolution (IP=>FQDN or FQDN=>IP). So first take a look at your DNS config and then try to find out whether you have a problem with ssh or not.
–
ChristianJan 11 '11 at 6:50